mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-07-02 18:53:41 +00:00
Merge pull request #4160 from MicrosoftDocs/master
Publish 11/5/2020 10:30 AM PT
This commit is contained in:
Tina Burden
GitHub
@ -500,8 +500,8 @@ No. Only one MDM is allowed.
|
||||
Entry | Description
|
||||
--------------- | --------------------
|
||||
What is dmwappushsvc? | It is a Windows service that ships in Windows 10 operating system as a part of the windows management platform. It is used internally by the operating system as a queue for categorizing and processing all WAP messages, which include Windows management messages, MMS, NabSync, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
|
||||
What data is handled by dmwappushsvc? | It is a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further: MMS, NabSync, SI/SL. |
|
||||
How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. |
|
||||
What data is handled by dmwappushsvc? | It is a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further: MMS, NabSync, SI/SL. This service does not send telemetry.|
|
||||
How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. Disabling this will cause your management to fail.|
|
||||
|
||||
## Change history for MDM documentation
|
||||
|
||||
|
||||
@ -65,6 +65,7 @@
|
||||
##### [Remediate vulnerabilities](microsoft-defender-atp/tvm-remediation.md)
|
||||
##### [Exceptions for security recommendations](microsoft-defender-atp/tvm-exception.md)
|
||||
##### [Plan for end-of-support software](microsoft-defender-atp/tvm-end-of-support-software.md)
|
||||
##### [Mitigate zero-day vulnerabilities](microsoft-defender-atp/tvm-zero-day-vulnerabilities.md)
|
||||
#### [Understand vulnerabilities on your devices]()
|
||||
##### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
|
||||
##### [Vulnerabilities in my organization](microsoft-defender-atp/tvm-weaknesses.md)
|
||||
|
||||
@ -84,7 +84,7 @@ The following is a sample for reference, using [GUID values for ASR rules](attac
|
||||
|
||||
`OMA-URI path: ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules`
|
||||
|
||||
`Value: {75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84}=2|{3B576869-A4EC-4529-8536-B80A7769E899}=1|{D4F940AB-401B-4EfC-AADC-AD5F3C50688A}=2|{D3E037E1-3EB8-44C8-A917-57927947596D}=1|{5BEB7EFE-FD9A-4556-801D-275E5FFC04CC}=0|{BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550}=1`
|
||||
`Value: 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84=2|3B576869-A4EC-4529-8536-B80A7769E899=1|D4F940AB-401B-4EfC-AADC-AD5F3C50688A=2|D3E037E1-3EB8-44C8-A917-57927947596D=1|5BEB7EFE-FD9A-4556-801D-275E5FFC04CC=0|BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550=1`
|
||||
|
||||
The values to enable, disable, or enable in audit mode are:
|
||||
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 16 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 7.5 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 41 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 106 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 66 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 49 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 57 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 23 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 38 KiB |
@ -0,0 +1,104 @@
|
||||
---
|
||||
title: Mitigate zero-day vulnerabilities - threat and vulnerability management
|
||||
description: A report showing vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure.
|
||||
keywords: mdatp-tvm vulnerable devices, mdatp, tvm, reduce threat & vulnerability exposure, reduce threat and vulnerability, monitor security configuration
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: ellevin
|
||||
author: levinec
|
||||
ms.localizationpriority: medium
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection:
|
||||
- m365-security-compliance
|
||||
- m365initiative-defender-endpoint
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Mitigate zero-day vulnerabilities - threat and vulnerability management
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
A zero-day vulnerability is a publicly disclosed vulnerability for which no official patches or security updates have been released. Zero-day vulnerabilities often have high severity levels and are actively exploited.
|
||||
|
||||
Threat and vulnerability management will only display zero-day vulnerabilities it has information about.
|
||||
|
||||
## Find information about zero-day vulnerabilities
|
||||
|
||||
Once a zero-day vulnerability has been found, information about it will be conveyed through the following experiences in the Microsoft Defender Security Center.
|
||||
|
||||
### Threat and vulnerability management dashboard
|
||||
|
||||
Find recommendations with a zero-day tag in the “Top security recommendation” card.
|
||||
|
||||
|
||||
|
||||
Find top software with the zero-day tag in the "Top vulnerable software" card.
|
||||
|
||||
|
||||
|
||||
tvm-zero-day-top-vulnerable-software
|
||||
|
||||
### Weaknesses page
|
||||
|
||||
Find the named zero-day vulnerability along with a description and details.
|
||||
|
||||
- If this vulnerability has a CVE-ID assigned, you’ll see the zero-day label next to the CVE name.
|
||||
|
||||
- If this vulnerability has no CVE-ID assigned, you will find it under an internal, temporary name that looks like “TVM-XXXX-XXXX”. The name will be updated once an official CVE-ID has been assigned, but the previous internal name will still be searchable and found in the side-panel.
|
||||
|
||||
|
||||
|
||||
### Security recommendations page
|
||||
|
||||
Clear suggestions regarding remediation and mitigation options, including workarounds if exist.
|
||||
|
||||
When there is an application with associated zero-day vulnerability and additional vulnerabilities to address, you will get one recommendation regarding both.
|
||||
|
||||
|
||||
|
||||
## Addressing the zero-day vulnerability
|
||||
|
||||
Go to the security recommendation page and select the zero-day recommendation. A flyout will open with information about the zero-day and other vulnerabilities for that software.
|
||||
|
||||
There will be a link to mitigation options and workarounds if they are available. Workarounds may help reduce the risk posed by this zero-day vulnerability until a patch or security update can be deployed.
|
||||
|
||||
Open remediation options and choose the attention type. An "attention required" remediation option is recommended for the zero-day vulnerabilities, since an update hasn't been released yet. If there are older vulnerabilities for this software you wish to remediation, you can override the "attention required" remediation option and choose “update.”
|
||||
|
||||
|
||||
|
||||
## Patching the zero-day vulnerability
|
||||
|
||||
When a patch is released for the zero-day, the recommendation will be changed to “Update” and a blue label next to it that says “New security update for zero day.”
|
||||
|
||||
|
||||
|
||||
## Other places to find vulnerable software
|
||||
|
||||
### Software inventory page
|
||||
|
||||
Find software with the zero-day tag.
|
||||
|
||||
|
||||
|
||||
### Software page
|
||||
|
||||
Find a zero-day tag for each software that has been affected by the zero–day vulnerability.
|
||||
|
||||
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md)
|
||||
- [Security recommendations](tvm-security-recommendation.md)
|
||||
Reference in New Issue
Block a user